Google Chrome is the preferred browser of millions of individuals around the country because of its high speed and security features. Google has been conscious of security needs of users and it has made constant efforts to beef up their security while using this browser to access websites on the web. A bug bounty program was launched by Google in 2010. Now, Google has said that it is increasing the rewards by 2-3 times for those who report a bug in Chrome.
Chromium is an open source project from Google that invites a worldwide community of web developers to make Google Chrome faster, better and richer through their efforts. Chrome vulnerability rewards program pays cash rewards to those who find and report bugs in Chrome. Till date, Google has paid cash rewards to the tune of nearly $5 million to developers who have pointed out bugs and security flaws to Google. This is a Google way of saying thank you to developers and researchers who have worked with Google on this project.
Since 2010, Google has expanded this project several times, increasing cash rewards for developers reposting bugs in Google Chrome operating system. There is a program called Chrome Fuzzer Program where Google tests the bugs reported by developers. These developers submit their bugs and get rewarded by Google whenever their claims are verified by Google through Fuzzing. The process of submitting and getting rewards has been automated by Google to make it easy for the Chrome developers around the world.
Now, Google has increased the amount of cash rewards for these developers and the details of these rewards can be read by anyone by visiting the program rules page of Google. The amount for baseline bug reporting has been increased from $5000 to $15000 while the reward for high quality bug reporting has been doubled from $15000 to $30000. This is wonderful news for Chrome developers as their efforts will help them reap rich rewards from Google. Even the bonus amount for fuzzers has been doubled from $1000 to $2000 from now onwards.
To make sure developers are able to earn big money with their efforts, Google even clarified what it means by high quality reports. They have classified bugs into different categories and also made it clear as to which bugs attract maximum amount of cash reward for the developers. This is a clear indication of what type of bugs Google wants developers in the Chrome community to work upon.
There is more good news for developers. The reward for identifying bugs in exploit chains that have the potential to compromise with the security of a Chromebox or Chromebook has been doubled form the present $15000 to $30000. There are separate reward categories for developers identifying bugs in lock screen bypasses and firmware.
All the new cash rewards announced by Google will become applicable on bugs submitted after 18 July, 2019. To check your eligibility and the types of bugs that earn rearwards, you should visit the Chrome vulnerability reward program rules on the website of Google.